Fraud Prevention

Realtime fraud prevention API to detect suspicious activity

Payment Page

Add the javascript to the head section of your payment page

<script src=""></script>

You then need to retrieve a token that is associated with this visitor and checkout. You do this by calling Detector(ids, partner, service) once the page has loaded.

idsThe HTML id's of your payment form, confirmation button, and cancel buttonform: 'purchase_form'
confirm_button: 'form_submit_btn'
cancel_button: 'form_cancel_btn'
partnerYour Alacrity partner URIpartner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb
serviceYour Alacrity service URIcampaign:2a73f22ed63c1f8e40925632b7n10w6fed611779

Our javascript will insert an HTML element with the id fraudDetectorIsLoaded so that you can check that everything has loaded before submitting your form. Once loaded our javascript will also add a hidden input to your form with the name token and the value equal to the returned token.

Below is a full example using vanilla javascript of initialising the Detector, adding a listener to your form, checking that fraudDetectorIsLoaded, and then submitting your form (with the hidden token field).

window.onload = function () {
    var ids = {
      form: 'purchase_form',
      confirm_button: 'form_submit_btn',
      cancel_button: 'form_cancel_btn'
    var partner = 'partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb';
    var service = 'campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779';

    const detector = new Detector(ids, partner, service);

    var form = document.getElementById(ids['form']);
    form.addEventListener("submit", function(e) {

      function fraudDetectorLoaded() {
        var loaded = document.getElementById('fraudDetectorIsLoaded');
        if (loaded && loaded.value === 'yes') {
        } else if ('requestIdleCallback' in window) {
        } else {
          setTimeout(fraudDetectorLoaded, 100);

Check Transaction API

Once the user has submitted your payment form you need to check the token with our Check Transaction API. This API will check the token and return whether the user/purchase is valid or not.

HTTP Request

POST /v1/check_transaction?token={token}

Sample Request

POST /v1/check_transaction?
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
curl -X POST \ \
--header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
tokenThis is the token that is added as a hidden input field on your payment form and is submitted along with your form with the parameter name token2e056a61-18d0-41c7-93d1-94f07bf9cf0a


The response is returned as JSON and also uses HTTP status codes. When the status code is 200 the response will contain the key is_vaild which is a boolean and indicates whether or not the transaction is valid and the purchase should be allowed.

  "is_vaild": true

If a transaction is blocked for being suspicious is_valid will be false and there will be a reason returned.

  "is_valid": false,
  "reason": "BOT_ACTIVITY"

It's also possible to receive other errors via the HTTP status codes such as 400, 401, and 404. In this case there will be a JSON response returned in the body with the key message.

  "message": "auth error: invalid credentials"

Unless you receive a HTTP status of 200 and is_valid is true the purchase should not be allowed to continue.

Create API

The valid fraud token should be included in the create API call